As organizations adopt new approaches to information management and access, internal audit departments face increasingly complex challenges in helping address the related risks. In fact, a new report from The IIA’s Global Internal Audit CBOK research, Navigating Technology’s Top Risks: Internal Audit’s Role, identifies several of those risk areas, including IT governance, use of mobile devices, and social media. It also highlights the importance of increased internal audit awareness of these areas, and of strengthening IT audit capabilities.
These two priorities are stressed as well in this month’s cover story, “The Cybersecurity Imperative." The rising number of cyberattacks against well-known companies — and the changing nature and source of those attacks — has gotten the board’s attention. Boards now want to know what the risks are to their organization, how it is protecting cyber assets, and whether it is capable of stopping attacks. In many cases, they’re turning to the internal audit function for assurance. If auditors are going to provide that assurance, says author Tim McCollum, they’ll need to increase their awareness of the latest threats and ensure they have the right skills.
Similarly, “Protecting Customer Data," by Michael Levy, discusses the role auditors must play in ensuring data privacy. Levy examines internal audit’s involvement in terms of risk assessment, governance, and security benchmarking, as well as training. He says auditors can leverage guidance material and other resources to help familiarize themselves with these areas and perform data security audits.
Organizational IT risks, however, are only part of the technology learning curve many auditors face. Practitioners may also struggle to stay abreast of technology specific to the profession, some of which has become essential to their work. As author Dave Coderre says of data analytics, the technology is “no longer a nice-to-have, but a requirement” (see “Gauge Your Analytics”). In discussing the “people” side of analytics, Coderre’s feature emphasizes the importance of having the right technical skills in the audit department, as well as business process knowledge.
The need for technology expertise — in both audit tools and organizational IT — will only increase. Cyberattacks are on the rise, privacy is becoming more and more difficult to protect, and the volume and complexity of data internal auditors must analyze continues to grow. All of these factors point to the importance of awareness and education. In fact, IIA Global Chairman Larry Harrington’s theme for the coming year, “Invest in Yourself," centers on that very notion. He stresses the importance of skill-building and lifelong learning — even if it requires an investment of one’s own time and money. The message seems especially apt for technology, where change and the need to adapt are an organizational constant.